04-07-2022 02:06 PM
Hi,
Following the CVE-2022-0778 vulnerability, I would like to apply the workaround to reduce the risk of attack until the PAN-OS update is released.
According to the security ticket, you have to activate the Threat IDs 92409 and 92411 but how to do it ?
I found this link but I'm not sure of the procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm4yCAC
Thanks in advance for your help
04-07-2022 03:35 PM
Yeah, that is not very clear to me either... It looks like threats 92409 and 92411 are already enabled, both are set to "reset-server" connection by default. CVE-2022-0778 affects lots of OpenSSL integrated products, not just PAN-OS, so perhaps the workaround is meant more specifically for blocking exploits against devices behind the PA.
04-07-2022 05:27 PM
FWIW: PaloAlto just sent out release notices for PAN-OS v9.1.13-h3 and v10.1.5-h1 and they are on the download servers now (weren't there a couple hours ago). The release notes give a single patch:
PAN-190175 and PAN-190223 | A fix was made to address an OpenSSL infinite loop vulnerability in the PAN-OS software (CVE-2022-0778). |
No updates on the servers yet for GP clients.
04-08-2022 12:45 AM
Thank you for your feedback.
Yes, I can see the release on PAN-OS 9.1 and 10.1 on Software Update but not yet 8.1.
Thank you for your feedback.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
